Cybersafe Solutions Security Advisory Bulletin July 5, 2024

In this week's Security Advisory:

• HubSpot Customers Accounts Breached in Recent CyberAttack
• Cisco Releases Security Patch to Address NX-OS Zero-day Vulnerability
• Critical Vulnerability in Fortra FileCatalyst Workflow
• Multiple Vulnerabilities Patched in GitLab Community and Enterprise Editions
• Security Updates Released for Android

HubSpot, a provider that offers marketing and customer service software solutions, has issued a security notice confirming that threat actors were able to gain access on a limited number of HubSpot customer accounts on June 22nd, 2024. HubSpot notes that the accounts were targeted directly and not through HubSpot itself. They have already contacted all known victim accounts.

Our Threat Intelligence team will continue to disseminate updated information as it becomes available and as is deemed pertinent and actionable.

More Reading/Information

• https://www.spiceworks.com/it-security/cyber-risk-management/news/hubspot-faces-cyberattack-approximately-50-customer-accounts-breached/
• https://www.securityweek.com/hubspot-warns-of-ongoing-cyberattacks-targeting-customer-accounts/
• https://techcrunch.com/2024/06/28/hubspot-says-its-investigating-customer-account-hacks/

Cisco Releases Security Patch to Address NX-OS Zero-day Vulnerability

Cisco has released an update for NX-OS, the operating system used in Cisco Nexus-series switches, to address a severe vulnerability. The flaw, identified as CVE-2024-20399 and rated 6.0 out of 10 on the CVSS scale, could allow an authenticated local attacker to execute arbitrary commands with root-level privileges. Exploiting this vulnerability requires the attacker to have both network access and administrator credentials. Recent reports indicate threat actors are exploiting this vulnerability in the wild.

Affected Devices:

• MDS 9000 Series Multilayer Switches 
• Nexus 3000 Series Switches 
• Nexus 5500 Platform Switches 
• Nexus 5600 Platform Switches 
• Nexus 6000 Series Switches 
• Nexus 7000 Series Switches
• Nexus 9000 Series Switches in standalone NX-OS mode

More Reading/Information

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP
• https://www.bleepingcomputer.com/news/security/cisco-warns-of-nx-os-zero-day-exploited-to-deploy-custom-malware/
• https://www.scmagazine.com/news/cisco-patches-medium-severity-zero-day-in-its-nx-os-nexus-switch-software
• https://www.darkreading.com/vulnerabilities-threats/patch-now-cisco-zero-day-chinese-apt

Critical Vulnerability in Fortra FileCatalyst Workflow

Fortra has issued a patch to address a critical vulnerability in FileCatalyst Workflow, a secure file transfer tool. Tracked as CVE-2024-5276, this vulnerability involves a SQL injection flaw that allows attackers to execute arbitrary commands. Successful exploitation could grant unauthorized access to sensitive information and allow attackers to create administrative user accounts for persistence. CVE-2024-5276 has been rated 9.8 out of 10 on the CVSS severity scale.

Affected Versions

• FileCatalyst Workflow v5.1.6 Build 135 and earlier.

More Reading/Information

• https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0
• https://www.helpnetsecurity.com/2024/06/27/cve-2024-5276-poc/
• https://www.tenable.com/security/research/tra-2024-25
• https://www.fortra.com/security/advisory/fi-2024-008

Multiple Vulnerabilities Patched in GitLab Community and Enterprise Editions

GitLab has issued security updates to resolve fourteen (14) vulnerabilities in both its Community and Enterprise Editions. Among these, the most critical is CVE-2024-5655, which has a CVSS score of 9.6 out of 10. This vulnerability can allow an attacker to execute the continuous integration and continuous deployment (CI/CD) pipeline with any user credential. If exploited successfully, this flaw could allow threat actors to perform unauthorized actions and gain access to sensitive data.

• https://www.securityweek.com/gitlab-security-updates-patch-14-vulnerabilities/
• https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/
• https://securityboulevard.com/2024/07/cve-2024-5655-gitlab-fixes-ci-cd-vulnerability-13-other-flaws-with-latest-patch-release/

Security Updates Released for Android

Android released updates to address twenty-five (25) vulnerabilities, with one (1) given a severity rating of "Critical." The most severe of these vulnerabilities is being tracked as CVE-2024-31320 and could lead to local privilege escalation. These vulnerabilities affect Android OS security patch levels prior to 2024-07-05.

More Reading/Information

• https://source.android.com/docs/security/bulletin/2024-07-01
• https://www.securityweek.com/google-patches-25-android-flaws-including-critical-privilege-escalation-bug/

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner.  It is security best practice to regularly update and/or patch software to the latest versions.  The vulnerabilities above highlight the security benefits of limiting deployed software to "vendor-supported versions" only.  This dramatically increases the likelihood that new vulnerabilities have a patch issued for them.  Likewise, Cybersafe strongly encourages maintaining an inventory of current software in your environment, which helps ensure and inform your patch and vulnerability management program.